Mobile Guardian Device Management Application

Name and Constituency of Member of Parliament

Mr Patrick Tay Teck Guan, Pioneer

Question

To ask the Minister for Education in respect of the recent cybersecurity incident involving the Mobile Guardian Device Management Application which has affected students in Singapore (a) what is the Ministry doing to help students who have had their study notes wiped out; (b) whether the Ministry has reviewed such software installed in tablets used by students to ensure that similar incidents do not recur; and (c) what necessary action will the Ministry take against the supplier of the software.

Name and Constituency of Member of Parliament

Dr Tan Wu Meng, Jurong GRC

Question

(a) why was Mobile Guardian's device management app continued to be used after its data security breach in April 2024 which caused the exfiltration of personal data of parents and staff from 127 schools; (b) whether contingency plans were instituted prior to the loss of internet access and classroom materials from students' personal learning devices in July 2024 and the cybersecurity incident causing students' devices to be remotely wiped in August 2024; and (c) whether affected students are adequately supported.

Name and Constituency of Member of Parliament

Mr Darryl David, Ang Mo Kio GRC

Question

To ask the Minister for Education with regard to the recent cybersecurity incident involving the Mobile Guardian Device Management Application that has affected students in Singapore (a) whether an update can be provided on how the Ministry is helping students who have been affected; and (b) what steps are being taken to ensure that similar incidents do not occur again in the future.

Name and Constituency of Member of Parliament

Dr Lim Wee Kiak, Sembawang GRC

Question

To ask the Minister for Education following the cybersecurity incident involving the Mobile Guardian application (a) what targeted support is being offered to affected students experiencing distress, particularly those with existing mental health conditions; (b) for students whose data is unrecoverable, how is the Ministry assisting them to prepare for their upcoming examinations and ensuring their access to adequate learning materials; and (c) whether examination grades for the affected students will be moderated this year.

Name and Constituency of Member of Parliament

Mr Christopher de Souza, Holland-Bukit Timah GRC

Question

To ask the Minister for Education whether there will be a review of the usage of technology by our students after the global cyber-security breach of the Mobile Guardian Device Management Application that affected our secondary students.

Name and Constituency of Member of Parliament

Mr Christopher de Souza, Holland-Bukit Timah GRC

Question

To ask the Minister for Education whether there will be a review done of our students' usage of technology for learning to assess if there has been an over-reliance on technology to the detriment of our students, including losing learning notes that the students have recorded and kept on their school-issued devices.

Name and Constituency of Member of Parliament

Mr Dennis Tan Lip Fong, Hougang

Question

To ask the Minister for Education (a) on what date did the Ministry first become aware of security vulnerabilities in the Mobile Guardian system; (b) what immediate steps were taken within the first 24 hours upon discovery; and (c) whether the vulnerability was immediately verified and patched, bearing in mind its critical nature and ease of exploitation and, if not, why not.

Name and Constituency of Member of Parliament

Mr Gerald Giam Yean Song, Aljunied GRC

Question

To ask the Minister for Education (a) whether there is an update to the number of students in Singapore who had their devices wiped remotely as a result of the Mobile Guardian cybersecurity breach in August 2024 and, if so, how many; (b) how many students were unable to recover their data; (c) what impact did this incident have on these students' preparation for weighted assessments and examinations; (d) whether the Ministry has any backups of students' data; and (e) if not, why not.

Name and Constituency of Member of Parliament

Ms He Ting Ru, Sengkang GRC

Question

To ask the Minister for Education (a) how are schools managing the devices of students after the Mobile Guardian Device Management Application was removed from their devices following the security breach in August 2024; (b) whether the Ministry has plans to involve parents more in the management of their children's devices; and (c) what specific steps will the Ministry take to empower parents with the knowledge and tools to effectively manage their children's devices.

Name and Constituency of Member of Parliament

Ms Hazel Poa, Non-Constituency Member of Parliament

Question

To ask the Minister for Education (a) whether there is an update on the efforts to restore devices that are affected by the Mobile Guardian system glitch and cybersecurity breach; and (b) in particular, whether students taking their national examinations have all been able to restore their devices.

Name and Constituency of Member of Parliament

Mr Sharael Taha, Pasir Ris-Punggol GRC

Question

To ask the Minister for Education (a) how many students are unable to recover data from their devices following the Mobile Guardian cybersecurity incident in August 2024; (b) how will the Ministry assist these students; and (c) how will the Ministry manage mobile device security to prevent future incidents.

Response

1.Mr Speaker sir, my response will cover the oral Parliamentary Questions raised by Dr Tan Wu Meng, Mr Patrick Tay, Mr Darryl David, Dr Lim Wee Kiak, Mr Christopher de Souza, Mr Sharael Taha, Mr Dennis Tan, Mr Gerald Giam, Ms He Ting Ru, and Ms Hazel Poa. In addition, I will also address two written PQs by Ms Joan Pereira and Mr Gerald Giam and invite Members to seek clarifications as needed.

2.Members have asked for the reasons behind the continued use of Mobile Guardian's (MG) Device Management Application (DMA) after the data breach incident in April this year, details of the technical issue in July and the cybersecurity incident in August, the support provided to affected students, and our approach to using technology for teaching and learning following this episode.

3.Let me first recap the purpose of the DMA. The DMA supports students as they learn to use their Personal Learning Device (PLD) safely and responsibly. For example, the DMA blocks students' access to undesirable Internet content such as gambling or pornography and sets screen time limits.

4.I will now share what happened in April and the actions taken by MOE. The incident in April was due to poor password management practice within MG, allowing the attacker to gain unauthorised access to MG's management portal, which led to the data breach. To ensure continued safe use, MG immediately locked down its admin accounts and mandated all account holders to change their passwords. As I had told this House in May, MG's management portal is used for administrative purposes and does not have the ability to change any configuration on students' PLDs. The MG app was thus not affected during the April incident.

5.MOE immediately registered strong dissatisfaction to MG over the incident and asked that an independent forensic investigator be appointed to evaluate MG's systems and processes, and make recommendations to prevent a recurrence. Subsequent findings from the forensic investigator pointed to poor password management practices and MG responded by implementing additional security measures such as strengthening authentication controls and fixing vulnerabilities. These enhancements were deployed on 31 May.

6.On the night of 30 May, a member of the public reported a potential vulnerability in the MG app to MOE. Our IT security team immediately investigated the report in the morning of 31 May. However, as explained earlier, because MG had rolled out a patch just before, attempts to replicate the vulnerability disclosed by the member of the public was not successful. An independent certified penetration tester engaged by MG to conduct additional penetration tests in June further confirmed that this vulnerability reported by the member of the public had been closed.

7.The independent test uncovered new vulnerabilities which MG had committed to fix. However, before it could complete the work, some schools started reporting on 30 July, that some PLDs had lost the ability to connect to internet and in some case, total loss of usage. We quickly established then that this glitch was not related to the April data breach incident. Neither was it a cyberattack. Instead, it was due to a human error by an MG engineer who configured a wrong expiry date, causing the app to stop working. To rectify the misconfiguration, an online update to the MG application was immediately deployed to all iPad users.

8.Five days later, on 4 August, MG suffered a cyberattack which remotely wiped out the iPads of some of their global customers, including 13,000 PLDs in our schools, or approximately 8% of devices used by our secondary school population. To contain the breach, MG immediately shut down their servers. As a precautionary measure, MOE embarked on the systematic removal of the MG app from all iPads and Chromebooks PLDs the next day.

9.Our priority was to help affected students, particularly those sitting for national examinations so that learning and revision could continue. We deployed over 300 additional IT engineers and staff to schools to help students restore their devices, as well as provided instruction sheets to those students who wanted to troubleshoot their own devices. All devices have since been restored for use last month. About one in six of the 13,000 affected PLDs lost some degree of data and less than 5% were unable to recover all their data as these devices had previously not been backed up.

10.During this period, schools made available hardcopy learning resources while supporting students who were emotionally affected. Deadlines for assignments were extended and Weighted Assessments postponed where needed. Students can continue to access learning resources on the Singapore Student Learning Space. Through this episode, it was most heartening to see many of our students step forward and proactively share their personal notes with classmates, and organise study sessions to do revision for their tests and exams together. We thank the vigilant member of the public who had flagged the potential vulnerability, our colleagues in GovTech and CSA, and also the media community who rallied round MOE to give the much needed support which helped our students learn the positives during this incident.

11.MOE requires our IT service providers to keep our systems and data safe. Our forensic investigations with GovTech and CSA into the 4 August incident found a new vulnerability in MG's system that could allow an individual to carry out the attack. This is a timely reminder that cyber threats can evolve quickly. While no security test can be entirely exhaustive, MOE expects its contractors to regularly assess and strengthen their systems' security posture. Due to these incidents, MOE has decided to cease the use of MG in all PLDs. MOE has also taken legal action against the relevant contractors. MOE is currently studying options for an alternative DMA solution for iPad and Chromebook PLDs. We will work towards rolling out the new DMA solution by the new school year in January 2025.

12.Until the new DMA solution is in place, schools have instituted additional processes to ensure that the PLDs are used safely and responsibly during school hours. MOE has activated web filtering through the Google Admin Console (GAC) for Chromebook PLDs and, through Parent Gateway, shared instructions on how to activate Apple's built-in parental controls on iPads. This way, parents can set boundaries like screen time routines and restrict access to unsavoury sites.

13.While the recent spate of incidents was highly unfortunate, this must not deter us from delivering education through technology as they enrich our students' learning experiences. We must learn to embrace EdTech in our teaching and learning so that our students grow up to be digitally savvy, able to navigate digital environments and take on the opportunities and challenges of the future. All of us can learn from this incident. It is an important reminder for all of us to practise good digital hygiene, including the regular backing up of information.

Public link

Please use the above public link if you want to share this noodl on another website.